The code below is in this file, comment_box2.php.
The first 5 lines are the form which dispays the two boxes asking for the user name and message.
The remainder is the php code which displays the information in the database.
When the user clicks the submit button, the file action_comment_box2.php gets called.
This code can be seen further down the page.
<form action="php/action_comment_box2.phpmethod="post">
Name &nbsp;&nbsp;&nbsp;&nbsp;<input type="textname="MWD_form_name" /><br />
Message <input type="textname="MWD_form_comment" /><br />
<input type="submit" />
</form>

<?php
$MWD_sqlserver = "name_of_sqlserver_localhost";
$MWD_sqluserid = "your_server_userid";
$MWD_sqlpassword = "your_server_pasword";
$MWD_sqldatabase = "your_database_name";

if(!($MWD_Con = mysqli_connect($MWD_sqlserver, $MWD_sqluserid, $MWD_sqlpassword) <br />or die(mysqli_error($MWD_Con))))
{ printf("Errormessage: %s\n", mysqli_error($MWD_Con));
}
if(!(mysqli_select_db($MWD_Con,$MWD_sqldatabase) or die(mysqli_error($MWD_Con))))
{ printf("Errormessage: %s\n", mysqli_error($MWD_Con));
}

if(!($result = mysqli_query($MWD_Con,"SELECT * FROM MWD_Tb_CommentsBox_SQLinjectionProtection")))
    { printf("Errormessage 140: %s\n", mysqli_error($MWD_Con));}
while($row = mysqli_fetch_array($result))
  {
  echo "<br />"
  echo "<div class='message'>";
  echo "<div class='label_author'>";
  echo "Author:";
  echo"</div>";
  echo "<div class='author'>";
  echo $row['MWD_col_name'];
  echo "</div>";
  echo "<br /> " ;
  echo "<div class='comment'>";
  echo $row['MWD_col_comment'];
  echo "</div>";
  echo "</div>";//end of message class div tag
  echo "<br />";
  }
mysqli_free_result($result);
mysqli_close($MWD_Con); 
?>
Below is the code in the file php/action_comment_box2.php.
Basiclly what this code does is, add the new user data from the form to the database, and then reload the page comment_box2.php
<?php 
$MWD_sqlserver = "name_of_sqlserver_localhost"; 
$MWD_sqluserid = "your_server_userid"; 
$MWD_sqlpassword = "your_server_pasword"; 
$MWD_sqldatabase = "your_database_name"; 

if(!($MWD_Con = mysqli_connect($MWD_sqlserver, $MWD_sqluserid, $MWD_sqlpassword) 
or die(mysqli_error($MWD_Con)))) { printf("Errormessage: %s\n", mysqli_error($MWD_Con)); } if(!(mysqli_select_db($MWD_Con,$MWD_sqldatabase) or die(mysqli_error($MWD_Con)))) { printf("Errormessage: %s\n", mysqli_error($MWD_Con)); } // Create a MySQL table in the selected database if(!(mysqli_query($MWD_Con,"CREATE TABLE IF NOT EXISTS
MWD_Tb_CommentsBox_SQLinjectionProtection( id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY(id), MWD_col_name VARCHAR(30), MWD_col_comment VARCHAR(200))")or die(mysql_error()))) { printf("Errormessage: %s\n", mysqli_error($MWD_Con)); } $MWD_name = $_POST['MWD_form_name']; $MWD_comment = $_POST['MWD_form_comment']; if($MWD_name && $MWD_name) { $MWD_name = mysqli_real_escape_string($MWD_Con,$MWD_name); $MWD_comment = mysqli_real_escape_string($MWD_Con,$MWD_comment); if(!(mysqli_query($MWD_Con,"INSERT INTO MWD_Tb_CommentsBox_SQLinjectionProtection
(MWD_col_name, MWD_col_comment)
VALUES('$MWD_name','$MWD_comment') "
))) { printf("Errormessage 137 : %s\n", mysqli_error($MWD_Con));} } else//Both fields are empty so do nothing, you could maybe give an error message {} mysqli_close($MWD_Con); header('Location:http://www.myleswebdesign.co.uk/comment_box2.php'); ?>








  MylesWebDesign.co.uk   ©2010